Backdoor:Win32/Afcore
First posted on 23 December 2013.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:Win32/Afcore.
Explanation:
Threat behavior
This trojan installs other malware on your PC, including Backdoor:Win32/Afcore.BB.
Installation
Backdoor:Win32/Afcore is installed by other malware. It installs the malware, modifies the registry and restarts Windows Explorer.
Backdoor:Win32/Afcore drops the following files:
- %TEMP% \ .dll - Backdoor:Win32/Afcore.BB
- \ .dll - Backdoor:Win32/Afcore.BB
- \ .dat - data file
- \ .dat - data file
- \ .dat - data file
It modifies the following registry entries so that the DLL in the %TEMP% folder runs each time you start your PC:
In subkey: HKLM\Software\Classes\CLSID\{ }
Sets value: "(default)"
With data:
In subkey: HKLM\SOFTWARE\Classes\CLSID\{ }\InprocServer32
Sets value: "(default)"
With data: "\ .dll"
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Sets value: "(default)"
With data: "{}"
After installing Backdoor:Win32/Afcore.BB, Backdoor:Win32/Afcore deletes itself by running instructions within a command shell (cmd.exe).
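The registry changes above register a DLL from the %TEMP% folder as a shell icon overlay handler, which Explorer then loads. As an added example (not part of the original write-up), this Python script reads the text of a `reg export` and reports overlay handlers whose InprocServer32 DLL sits in a temp folder; the sample export, the names and CLSIDs in it, and the TEMP_MARKERS list are constructed assumptions.

```python
import re

OVERLAYS = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers"
CLSID_ROOT = r"hkey_local_machine\software\classes\clsid"
# Path fragments treated as temp locations (assumption; extend for your environment).
TEMP_MARKERS = ("%temp%\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed sample in `reg export` text format; names, CLSIDs and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExampleSync]
@="{11111111-1111-1111-1111-111111111111}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\qwzx]
@="{22222222-2222-2222-2222-222222222222}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleSync\\overlay.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\qwzx\\qwzx.dll"
'''

def parse_reg_defaults(text):
    """Map lower-cased key path -> default ("@") REG_SZ value; hex(2) data is skipped."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg text escapes backslashes and quotes inside string data
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def temp_overlay_handlers(text):
    """Return (overlay name, CLSID, DLL path) for overlay handlers loaded from a temp folder."""
    defaults = parse_reg_defaults(text)
    hits = []
    for key, clsid in defaults.items():
        if not key.startswith(OVERLAYS + "\\"):
            continue
        # Follow the overlay's CLSID to its in-process server registration
        server = f"{CLSID_ROOT}\\{clsid.strip().lower()}\\inprocserver32"
        dll = defaults.get(server)
        if dll and any(marker in dll.lower() for marker in TEMP_MARKERS):
            hits.append((key[len(OVERLAYS) + 1:], clsid, dll))
    return hits

if __name__ == "__main__":
    for name, clsid, dll in temp_overlay_handlers(SAMPLE):
        print(f"overlay {name!r} -> {clsid} -> {dll}")
```

A real `reg export` file is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text in.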
Payload
Closes Windows Explorer
Backdoor:Win32/Afcore ends the Windows Explorer process to let the installed component be loaded into a new Explorer process.
Additional Information
There is more information in the Backdoor:Win32/Afcore.BB description.
Analysis by Shawn Wang
Symptoms
Alerts from your security software may be the only symptom.
Last update 23 December 2013